News Items

The threat actor behind the AstraLocker ransomware claims they are ceasing operations and intend to transition to cryptojacking. The creator of the ransomware uploaded a ZIP archive containing AstraLocker decryptors to the VirusTotal malware detection service. After downloading the archive and testing one of the decryptors on files encrypted by a recent AstraLocker operation, Bleeping Computer was able to confirm that the decryptors are reliable and functional. However, other decryptors in the archive are likely designed to decrypt files encrypted in earlier campaigns. The developer did not explain why AstraLocker was shut down, but it was probably because of the sudden attention the operation received as a result of recent reports, which put it in the sights of law enforcement. Emsisoft, a software provider known for assisting ransomware victims with data decryption, is currently developing a universal decryptor for AstraLocker ransomware. This article continues to discuss the close down of the AstraLocker ransomware and the release of decryptors for it.

Bleeping Computer reports "AstraLocker Ransomware Shuts Down and Releases Decryptors"

An investigation conducted by ITV News into cybersecurity at UK public services revealed a significant disparity in defense budgets, hundreds of website vulnerabilities, and staff email addresses and passwords at one council posted in full online. The researchers found that one UK council spent only PS32,000 yearly on cybersecurity. By comparison, another council with a smaller population had an annual cybersecurity budget of PS1m, over 30 times larger. The investigation also revealed that one hospital had only put aside PS10,000 yearly towards cybersecurity. The researchers noted that the cyberattacks had caused real-life problems, including residents forced to leave their homes, canceled hospital operations, incorrect benefit payments, overcharged tax bills, house sales falling through, repairs to council houses not being carried out, inability to apply for council housing, and sensitive data leaked online. Many researchers agreed that there is a lack of clarity and standards for public services regarding cybersecurity. In October of last year, it was reported that UK councils had been hit by a staggering 33,645 data breaches caused by human error in the past five years.

Infosecurity reports: "UK Councils and Hospitals Vulnerable to Cyber Hackers"

OpenSea, the largest nonfungible token (NFT) marketplace with nearly 2 million users, revealed that an employee of one of its email vendors, Customer.io, gained access to and downloaded the company's email list. It also stated that anyone who has previously shared their email address with the platform should assume they are affected. Users are asked to be on the lookout for malicious actors trying to contact them using an email address that looks similar to the company's official email domain, 'opensea.io.' According to Paul Laudanski, head of threat intelligence at the email security firm Tessian, insider abuse is inherently difficult to spot. It is more difficult to detect when the individual is an authorized user. Therefore, he advises all organizations to investigate third-party risk management protocols and to be aware of how and where data is stored. Given that the OpenSea email list is a potentially lucrative dataset for cybercriminals, the intrusion was most likely financially motivated. The millions of customer email addresses will attract threat actors looking to perform widespread phishing attacks. Karl Steinkamp, director at Coalfire, warns that attackers may also utilize the email list to steal NFTs from unsuspecting OpenSea customers. This article continues to discuss the potential impact of the insider hack faced by the OpenSea NFT marketplace.

Dark Reading reports "OpenSea NFT Marketplace Faces Insider Hack"

Researchers have released details on the steps ransomware actors have taken to conceal their true identity online, as well as the location of their web server infrastructure. According to Cisco Talos researcher Paul Eubanks, most ransomware operators host their ransomware operations sites in countries other than their own, such as Sweden, Germany, and Singapore. When they connect to their ransomware web infrastructure for remote administration tasks, they use Virtual Private Server (VPS) hop-points as a proxy to hide their true location. The use of the TOR network and DNS proxy registration services to provide an additional layer of anonymity for their illegal operations is also prominent. However, the cybersecurity firm revealed that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown infrastructure associated with the DarkAngels, Snatch, Quantum, and Nokoyawa ransomware groups, by taking advantage of the threat actors' operational security missteps and other techniques. This article continues to discuss how the researchers found anonymized ransomware sites on the dark web.

THN reports "Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web"

Morgan Livingston, an expert focused on Artificial Intelligence (AI) policy, suggests using a sociotechnical approach to leveraging and securing Machine Learning (ML). ML is a critical capability in a defense environment that relies on rapidly converting vast volumes of data and new data sources into information and intelligence. It has numerous applications, including geospatial imaging, enterprise and predictive maintenance, and cybersecurity. ML can help cyber defense by monitoring networks for anomalies that indicate intrusions, detecting malware, discovering vulnerabilities with fuzzing, creating dynamic honeypots, and automating known tasks. Over the last decade, AI research in cybersecurity has exploded, and ML is expected to become a critical technology for businesses to counter nation-state cyberattacks. Although AI can help with cyber defense, it also has offensive applications. AI can scale existing attacks like spear-phishing, discover exploitable software vulnerabilities, improve password brute force attacks, develop self-learning targeted malware, or generate data points that can fool other AI models. Adversarial AI could amplify existing threats, create new threats, and change the nature of threats by scaling impact, driving down costs of attacks, increasing the challenges of attribution, and more. ML introduces technical characteristics that make providing security more difficult. Defenders must always be correct, and attackers must only be correct once. With ML's increased complexity, the potential vulnerabilities multiply. ML systems are vulnerable to both traditional and ML-specific vulnerabilities. The attack surface is broad, encompassing the ML model, ML implementation, software throughout the ML pipeline, and even the hardware. There are inherent flaws in ML systems, not because of error but due to the way AI learns. Attackers can poison training data sets, steal models, and reveal hidden aspects of the training data. ML security is still in its early stages, and research on ML robustness may advance sufficiently to provide security guarantees, similar to how cryptography evolved. However, securing AI will require new approaches, including new test, evaluation, verification, and validation processes. This article continues to discuss ML and AI security challenges and the need for a sociotechnical approach to help defenders mitigate risks.

SIGNAL Magazine reports "Securing Machine Learning Requires a Sociotechnical Approach"

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks on computer systems are a significant concern for those responsible for keeping online services operational and protecting systems and their users. DoS attacks are typically performed with malicious intent or as a protest against a specific service or company. A DDoS attack could also expose security flaws in a system, allowing a third party to extract information such as usernames and passwords while the attack is ongoing. Such attacks may also be random, carried out by botnets, or executed solely for the perpetrator's entertainment with no malicious intent. A team of researchers from the Department of Computer Science and Engineering at DIT University in Uttarakhand reviewed how Machine Learning (ML) can be used to combat DoS and DDoS attacks. This article continues to discuss DoS attacks and the researchers' notes on how ML tools can help combat them.

Inderscience reports "Learning to Combat DDoS Attacks"

The Illinois Manufacturing Excellence Center (IMEC) has awarded funding to researchers at Southern Illinois University (SIU) to create a testbed that can be used to experiment with industrial Internet of Things (IoT) devices and cybersecurity integration for manufacturers. SIU will create the Resilient, Adaptive Production leveraging IoT Disruptions (RAPID) testbed to analyze industrial IoT, a new concept in fully connected, transparent, automated, and intelligent factory setup aimed at enhancing the processes and efficiency in manufacturing. The project would provide a sandbox for small and mid-sized manufacturers in Southern Illinois to experiment with smart manufacturing integration. The testbed will serve as a resource for supporting the security and resilience of small and medium-sized manufacturers as they transition to smart manufacturing. This article continues to discuss the support, goals, and development behind the RAPID testbed.

SIU reports "Testbed for Experimenting with Industrial IoT and Cybersecurity Integration in Small Manufacturing"

The Science and Technology Directorate (S&T) of the US Department of Homeland Security (DHS), in collaboration with the Israel National Cyber Directorate (INCD), has launched the Israel-US Binational Industrial Research and Development (BIRD) Cyber program, a new joint initiative managed by the BIRD Foundation. The initiative aims to improve the cyber resilience of critical infrastructure in the US and Israel. BIRD Cyber will promote the collaborative development of technologies that mutually benefit both countries and build on the success of the BIRD Homeland Security (HLS) program launched in 2016 in collaboration with the Israel Ministry of Public Security. The first Call for Proposals issued by BIRD Cyber seeks collaborative projects between US and Israeli entities to develop advanced cybersecurity applications for mission-critical cybersecurity needs. There is a need for innovative technologies in the realms of secured architecture for protecting core operational processes, real-time risk assessment solutions for small-to-medium-sized airports or seaports, resilience center pilots for small and medium-sized businesses and enterprises, and advanced data fusion and analytics. This article continues to discuss the purpose and goals of the Israel-US BIRD Cyber program.

DHS reports "DHS and Israeli Partners Announce Collaboration on Cybersecurity"

The US Securities and Exchange Commission (SEC) recently proposed new rules for public companies, which standardize event reporting and necessitate regular reporting on cybersecurity policies and procedures. The new rules are intended to better inform investors about a registrant's risk management, strategy, and governance, as well as to provide timely notification of material cybersecurity incidents, according to the SEC. The SEC proposes amendments to require timely reporting of significant cybersecurity incidents. The agency also proposes requiring periodic disclosures about a registrant's cybersecurity policies and procedures, management's role in implementing cybersecurity policies and procedures, and the board of directors' cybersecurity expertise and oversight of cybersecurity risk. If the new cybersecurity rules are passed, companies must report within four business days of discovering a material event. A determination, on the other hand, is not the same as the date of discovery. According to the proposal, reporting cannot be delayed while the company conducts internal investigations. In addition, the proposal includes non-inclusive examples of material events such as an unauthorized incident that jeopardized the confidentiality, integrity, or availability of an information asset (i.e., data, system, or network). Another material event would be one in which an unauthorized party accessed, or a party exceeded authorized access, and altered or stole sensitive business information, personally identifiable information, intellectual property, or information, resulting in, or potentially resulting in, a loss or liability for the registrant. This article continues to discuss the new security rules proposed by the SEC for public companies.

Security Intelligence reports "SEC Proposes New Cybersecurity Rules for Public Companies"

Although more than 70 percent of firms have a combination of prevention, detection, and recovery solutions in place, nearly 40 percent of them have experienced ransomware attacks in the past year, according to a report from the data security company Titaniam Inc. Findings show that 60 percent of the time, traditional data security tools such as secure backup and recovery tools, encryption at rest and in transit solutions, tokenization, and data masking fall short of protecting organizations' data against ransomware threats. The research emphasizes that enterprises must be able to encrypt data-in-use to deter malicious actors in their tracks because they cannot afford to rely solely on conventional data security measures to protect themselves from data exfiltration and double extortion ransomware attacks. The issue with traditional data security tools is not that they lack robust security measures but that attackers can circumvent these controls by stealing credentials and gaining privileged access to critical data assets. Therefore, organizations are encouraged to deploy data security solutions with encryption-in-use to defend against the intrusions typical of modern ransomware attacks. This type of encryption can help obscure data so that attackers cannot exfiltrate it with privileged access to enterprise resources. This article continues to discuss key findings from Titaniam's State of Data Exfiltration and Extortion Report.

VB reports "Research Shows Data Security Tools Fail Against Ransomware 60 Percent Of the Time"

The Jenkins security team has disclosed 34 security vulnerabilities impacting 29 plugins for the Jenkins open-source automation server, with all of them being zero-days remaining unpatched. Jenkins is a widely used platform, with support for more than 1,700 plugins, used by enterprises worldwide for software building, testing, and deployment. The CVSS base scores of the zero-days range from low to high severity, and the impacted plugins have over 22,000 installs, according to Jenkins statistics. The full list of flaws that have yet to be patched includes Cross Site Scripting (XSS), Stored XSS, Cross-Site Request Forgery (CSRF) bugs, missing or incorrect permission checks, as well as passwords, Application Programming Interface (API) keys, and tokens stored in plain text. Most of the high severity zero-days require user interaction to be exploited in low complexity attacks by remote attackers with low privileges. According to Shodan data, over 144,000 Jenkins servers are currently accessible via the Internet and could be the target of attacks if they are using unpatched plugins. This article continues to discuss the potential exploitation and impact of the zero-day bugs discovered in 29 plugins for the Jenkins open-source automation server.

Bleeping Computer reports "Jenkins Discloses Dozens of Zero-Day Bugs in Multiple Plugins"

One of the most common Android risks, toll fraud malware, is expanding with capabilities that enable automated membership to premium services, according to a Microsoft warning. In toll fraud, a subset of billing fraud, the threat actor tricks victims into calling or texting a premium number. Toll fraud, on the other hand, requires a mobile operator's network connection because it cannot operate over Wi-Fi. Microsoft has provided technical information on how Android users can protect themselves from toll fraud software. Toll fraud is carried out using the Wireless Application Protocol (WAP), which allows customers to subscribe to premium content and charge the fee to their phone bill. The consumer must click a subscription button to connect via the mobile network. In addition, some services request that users confirm their choice by sending a one-time password (OTP). The fraudulent subscription is initiated, OTPs are intercepted, and warnings that would otherwise alert the victim are suppressed by the malware that facilitates toll fraud. Toll fraud malware authors often include features that make the harmful activity as covert as possible. If the infected device's mobile network is not on the list, one option is to keep the infection dormant. Another approach is to use dynamic code loading, which allows some code to load only under certain conditions. This makes detecting the infection more difficult, especially when using static analysis. This article continues to discuss the phases, process, capabilities, and mitigation of toll fraud malware.

CyberIntelMag reports "Toll Fraud Malware Turns Off Wi-Fi And Pushes Premium Subscriptions"

Dr. Ahmed Aleroud, associate professor in the Augusta University School of Computer and Cyber Sciences and grant principal investigator, has been awarded a three-year grant totaling $500,622 by the Office of Naval Research's Social Networks and Computational Social Science Program for a project aimed at creating new algorithms to mitigate social cyberattacks. According to faculty members, this project will have a significant impact on cybersecurity intelligence and digital forensics research. In the age of social media, cyberattacks on social media are conducted by one or more actors, including bots and human users. These actors enlist the help of other users to create influence campaigns to polarize topic-oriented groups using various content-based and centrality-based intentional cyber-mediated methods. In order to detect and evaluate the effects of such attacks, including on images, videos, and other multimedia content, this project will investigate current deep-learning techniques like adversarial models. Recent studies have indicated that misinformation spreads in 25 different languages, leading to deaths and injuries. Studies have also revealed several attempts to undermine the power of US governmental institutions by spreading misinformation on social media. One of the world's top ten most spoken languages, Arabic, will be the project's focus. Although some researchers have explored various language-based attacks in Arabic, there has not been much research done on social media attacks and how they affect the targeted nations, including the US. The project will develop a new computational framework for analyzing and mitigating social cyberattacks in Arabic-speaking countries, including Syria, Lebanon, Saudi Arabia, Iraq, Egypt, and Jordan. The framework will be driven by approaches from social network analysis, data mining, Machine Learning (ML), Natural Language Processing (NLP), graph mining, and more. It will also involve graph centrality and language models to measure how stories are developed to create topic-oriented communities in Arabic social media. This article continues to discuss the goals and support behind the study on social media cyberattacks.

Augusta University reports "Cyber, Social Sciences Faculty Collaborate to Study Social Media Attacks With $500K Grant"

The FBI's Internet Crime Complaint Center (IC3) issued a warning about the use of deepfakes and stolen Personally Identifiable Information (PII) by individuals seeking remote work positions. According to the FBI, the fraudulent activity targets IT jobs, as well as software and database management and computer programming positions. Complaints to IC3 detailed tactics such as voice spoofing and potential voice deepfakes used during online interviews with job candidates. Some applicants also used stolen PII to try to get a remote position. Stolen PII was intercepted during the pre-employment background check stage of the job applications. Security teams should be on the lookout for insider threats within their networks as deepfakes and stolen PII tactics have been focusing on positions with high levels of access privileges to enterprise systems. This article continues to discuss IC3's warning regarding the use of stolen PII and deepfakes to apply for remote work.

Security Magazine reports "IC3 Issues Warning on Deepfake Use in Remote Work Applications"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has published guidance for transitioning from Basic Authentication ("Basic Auth") in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft permanently disables Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multi-factor authentication (MFA), which is required by Executive Order 14028, "Improving the Nation's Cybersecurity," for Federal Civilian Executive Branch (FCEB) agencies. Although this guidance is intended for FCEB agencies, CISA encourages all organizations to switch to Modern Auth and enable MFA before October 1. CISA urges all organizations to review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth. This article continues to discuss new guidance on switching to Modern Auth in Microsoft Exchange Online.

HSToday reports "CISA Releases Guidance on Switching to Modern Auth in Exchange Online Before October 1"

Based on comparisons to the Ronin bridge attack in March 2022, the North Korean-backed Lazarus Group is thought to be responsible for the recent $100 million cryptocurrency theft from Harmony Horizon Bridge. The discovery comes after Harmony announced that a hack had occurred last week on its Horizon Bridge platform, which enables users to transfer cryptocurrency across different blockchains. On June 23, the exploiter conducted a number of transactions to extract tokens housed in the bridge, and they later made off with around $100 million in bitcoin. Ether (ETH), Tether (USDT), Wrapped Bitcoin (WBTC), and BNB were among the stolen cryptocurrency assets, according to a recent study from blockchain analytics firm Elliptic. Days later, on June 27, the perpetrator allegedly started transferring cash totaling $39 million through the Tornado Cash mixer service in an effort to conceal the illicit proceeds and confuse the transaction trail leading back to the initial theft. Elliptic claimed it was in a position to further follow the stolen monies transferred through the service to a number of new Ethereum wallets after being able to "demix" the transactions. The company's attribution to the Lazarus Group stems from the threat actor's history of carrying out cryptocurrency thefts, including those targeting cross-chain bridges earlier this year, and how the funds were stolen and subsequently laundered. The heist was performed by compromising the multi-signature wallet's cryptographic keys, perhaps through social engineering attacks against Harmony team members. This article continues to discuss the Horizon Bridge hack and why Lazarus Group is suspected of having been behind it.

THN reports "North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack"

A series of suspicious cash withdrawal attempts from a bank with locations across the US revealed a number of ATM devices used to steal customer account information. An investigation revealed that a number of customers' debit card numbers, related PINs, and perhaps names and addresses had been hacked. The stolen data might have been used to make fake debit cards and make withdrawal attempts from accounts belonging to actual customers. According to bank Chief Operating Officer Karl Werwath, a "limited number of ATMs" had skimmers implanted by unidentified fraudsters. Over the past two decades, the threat of ATM skimming has increased as criminals have learned to install difficult-to-detect electronic devices onto ATMs, such as fake card readers and keyboards that capture payment card data. Some data suggests that, while still harmful, skimming attacks are becoming less common. However, ATMs remain a popular target for thieves, whose tactics range from transaction reversal fraud to physically prying the cash box open. According to data from the most recent IBM X-Force Threat Intelligence Index Report, the financial sector was the target of 22.4 percent of cyberattacks in 2021, with 70 percent of those attacks targeting banks, 16 percent targeting insurance companies, and 14 percent targeting other financial organizations. This article continues to discuss the ATM skimmer attack on Bank of the West customers, mitigation measures, and the persistent targeting of the financial sector by cybercriminals.

DataBreachToday reports "Bank of the West Customers Hit by ATM Skimmer Attack"

Ukrainian "cyber-police" recently arrested nine alleged members of a prolific phishing gang that made 100 million hryvnias ($3.4m) by luring locals with the promise of financial support from the EU. Digital experts teamed up with Pechersk Police Department officers and specialists from the National Bank of Ukraine (NBU) to crack the case. The nine arrested individuals are accused of building and operating over 400 phishing sites that requested victims enter their bank account and card details in order to apply for social welfare payments from the EU. Once they received the data, the gang would use it to hijack users' accounts and transfer their funds. According to the NBU, over 5000 victims were scammed this way, earning the fraudsters millions. The police also seized computer equipment, mobile phones, bank cards, and money obtained by criminal means while arresting the individuals. Those arrested face 15 years behind bars if found guilty. They have been accused of fraud and unauthorized interference in the work of IT systems and networks.

Infosecurity reports: "Ukrainian Cops Bust Multimillion-Dollar Phishing Gang"

The new head of Israel's National Cyber Directorate (INCD) has announced that the country plans to construct a "Cyber-Dome," a national defense system to combat digital attacks. Gaby Portnoy, the director general of INCD, revealed plans for Cyber-Dome in his first public speech since being appointed to the position in February. The Cyber-Dome will improve Israel's cybersecurity by incorporating new mechanisms into the national cyber perimeter, reducing the harm caused by large-scale cyberattacks. It will also provide tools and services to improve the overall security of national assets. The Dome is a new big data, Artificial Intelligence (AI), and overall proactive defense approach. It will synchronize national-level real-time threat detection, analysis, and mitigation. This article continues to discuss the purpose and plans behind Israel's Cyber-Dome.

The Register reports "Israel Plans 'Cyber-Dome' to Defeat Digital Attacks From Iran and Others"

According to the most recent Internet Security Report from the WatchGuard Threat Lab, ransomware detections in the first quarter of this year surpassed the total number reported for 2021. Researchers also discovered that the notorious Log4Shell vulnerability tripled its attack attempts, the Emotet botnet made a strong comeback, and malicious cryptomining activity increased. Despite data from the Threat Lab's Q4 2021 report showing a downward trend in ransomware attacks year over year, everything changed in Q1 2022 with a huge spike in ransomware detections. While the notorious REvil cybergang was brought to justice in Q4 2021, according to WatchGuard analysis, this may have opened the door for the LAPSUS$ extortion group to appear. This, along with numerous new ransomware variants like BlackCat, the first known ransomware written in the Rust programming language, may have contributed to the rise of ransomware and cyber-extortion as a threat type. The data also indicates that EMEA is still a major hub for malware threats. WatchGuard Fireboxes in EMEA were affected more than those in North, Central, and South America (AMER), with 57 percent and 22 percent, respectively, followed by Asia-Pacific (APAC) at 21 percent, according to regional detections of basic and evasive malware. This article continues to discuss key findings from WatchGuard Threat Lab's latest Internet Security Report.

Help Net Security reports "EMEA Continues to Be a Hotspot for Malware Threats"

According to a new report, the growing threat of data breaches and ransomware is prompting more UK businesses to encrypt all of their data. The report, from hardware-encrypted USB drive maker Apricorn, is based on a Vanson Bourne survey of 100 UK IT decision-makers, which found that 47 percent now require encryption of all data at rest and in transit. Of the organizations, 32 percent encrypt all data stored on their systems or in the cloud. Only 2 percent do not consider encryption to be a priority at this time. A lack of encryption has been identified as the primary cause of a data breach in 16 percent of the IT leaders polled, up from 12 percent in 2021. A rise in remote working is also cited by 24 percent as a motivator for more encryption. This article continues to discuss key findings from the study regarding the increased prioritization of data encryption among organizations in the UK.

BetaNews reports "Almost Half of UK Organizations Now Encrypt All Their Data"

MaliBot malware is a Trojan-like software that, when downloaded onto a user's device, steals banking credentials, other legitimate sensitive financial information, cookies, call logs, texts and application addresses, and even Google account credentials (thereby allowing the malware to sidestep two-factor authentication). It is thought to be related to the well-known FluBot malware, which has long been attacking banking apps in some way, according a study written by F5 Labs. This article continues to discuss the discovery, distribution, and capabilities of the MaliBot malware.

SC Media reports "MaliBot Financial Malware Is a Master of Disguise, Targets Android Users"

Security researchers at Tetra Defense have discovered that attackers continue to find significant success targeting unpatched servers and vulnerable remote-access systems. These compromises cost victim organizations 54% more than compromises caused by user actions (i.e., falling for phishing and opening malicious documents). The security researchers analyzed incident data from the first quarter and found that unpatched vulnerabilities and risky services, such as Remote Desktop Protocol (RDP), account for 82% of successful attacks, while social engineering accounted for just 18% of successful compromises. The ProxyShell exploit for Microsoft Exchange servers accounted for about a third of external breaches, while insecure Remote Desktop Protocol (RDP) servers accounted for a quarter. The researchers noted that while the Log4Shell bug continued to see a great deal of media coverage, the attack vector was only used in 22% of breaches. During the study, the researchers also found that healthcare topped the list of targeted industries, with nearly 20% of compromised organizations falling in that category. Finance and education tied for second at 13%, and manufacturing accounted for 12% of incidents. Tetra Defense also tracked the cybercrime actors responsible for most breaches and found that four groups, Lockbit 2.0, BlackCat, Conti, and Hive, are responsible for about half of all compromises investigated by the firm. The researchers noted that two controls, comprehensive patching and using multifactor authentication (MFA), could have prevented nearly 80% of the investigated incidents. That includes 57% of external compromises that used an unpatched vulnerability and the 13% of successful attacks on virtual private networks that either exploited a vulnerability or used stolen credentials to gain access where MFA was not enabled.

Dark Reading reports: "Cyberattacks via Unpatched Systems Cost Orgs More Than Phishing"

Researchers at Monash University and the Oceania Cyber Security Centre (OCSC) are working with Pacific governments to assess their current cybersecurity situations and make recommendations for the path ahead. Leaders from several Pacific nations recently met in Fiji to strengthen ties and promote regional unity. The Pacific faces numerous challenges, including the threat of climate change and the competition for influence in the region among major powers. Despite these challenges, Pacific countries have demonstrated tenacity in preserving their own and the region's identity and sovereignty. The Pacific Islands Forum's 18 member states signed the Boe Declaration on Regional Security in 2018, which outlines an expanded concept of security that includes cybersecurity. The declaration established cybersecurity as a shared priority for the region. As online services and remote work have grown in popularity in response to the COVID-19 pandemic, the stakes have risen even higher. Cybersecurity will be required to sustain economic development in the face of natural disasters, changes in the global security situation, and global economic upheavals. Pacific Island countries rely on fragile undersea cables for broadband Internet access. Placing government processes online, modernizing digital infrastructure, and encouraging e-commerce will increase security risks. Pacific nations may wish to maintain sovereign control over their data while securing their digital spaces. Data is often controlled outside the country as a result of digitization. The introduction of digital currencies and mobile payments may also weaken a country's control over its monetary policies. Working with overseas cybersecurity suppliers may require the country to hand over access to sensitive data, networks, and systems. The team is using the University of Oxford's Cybersecurity Capacity Maturity Model for Nations (CMM) and their own studies to help Pacific Island countries assess their current posture, identify what to prioritize, and determine how to bolster local capacity and sovereign capability. They are developing a regional framework for island state cybersecurity, which will help such countries build effective emergency response teams, strengthen cyber resilience, and ensure data sovereignty. This article continues to discuss cybersecurity in the Pacific and efforts to help island nations bolster their online defenses.

The Conversation reports "Cybersecurity in the Pacific: How Island Nations Are Building Their Online Defenses"